VDB
RHSA-2022%3A7401
RHSA-2022%3A7401
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:c31c042a84336d660c52b3e299d07b3fde9519533f18de552d36d497c470285f_s390x as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/frr-rhel8@sha256:2837b4e29c60cbfe258d7ec7712169e2cbbf6b379ac50df93967f8267f033bfe_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/frr-rhel8@sha256:2837b4e29c60cbfe258d7ec7712169e2cbbf6b379ac50df93967f8267f033bfe_s390x |
| Red Hat | openshift4/ose-csi-livenessprobe@sha256:18c270911e86939e87f046262e1afacc6fe0a89b706eac94c843da34243f0ac9_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-livenessprobe@sha256:18c270911e86939e87f046262e1afacc6fe0a89b706eac94c843da34243f0ac9_s390x |
| Red Hat | openshift4/kubernetes-nmstate-rhel8-operator@sha256:0680faf3bddebf47102800e9088e163d20e53e1a428aef6ca84b76b7c198ec39_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-node-feature-discovery@sha256:0247b7cebeb1041620f5715f0fad36e78e410b3f3f48a5e83dcfdbb207e9d4aa_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-node-feature-discovery@sha256:0247b7cebeb1041620f5715f0fad36e78e410b3f3f48a5e83dcfdbb207e9d4aa_amd64 |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:52f47b61f0f2fbbd7657ee3ef59f01677d0e316237edd4c9577f672667f1c139_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:52f47b61f0f2fbbd7657ee3ef59f01677d0e316237edd4c9577f672667f1c139_arm64 |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:91ef4be90e188e7a1a907f2e8846ed88148fdf8dde9594b9753548eaa84835c6_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ovn-kubernetes@sha256:91ef4be90e188e7a1a907f2e8846ed88148fdf8dde9594b9753548eaa84835c6_arm64 |
| Red Hat | openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e0d78d2a1c96d667ef387f00c661c1960e29f621f3c2a239c698b36ad63e68d9_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e0d78d2a1c96d667ef387f00c661c1960e29f621f3c2a239c698b36ad63e68d9_amd64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b6fad4943188a9fb922f8b41c02bdf0c62da229ae172e052baf287a8677aad14_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-cluster-kube-descheduler-operator-bundle@sha256:d81add28173a8b2172f1596645c0901146533462e6e6d3b8d8baa442dd6b6d72_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d033c6a326b499e1c519f28f577e15c1ec2d0d75ef19e34f4ae9aec5df81a37f_s390x as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8@sha256:bf33ee424f3666cceef9ae399ca377340abee9bc6cfd0b511709beed6060d9af_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-clusterresourceoverride-rhel8@sha256:bf33ee424f3666cceef9ae399ca377340abee9bc6cfd0b511709beed6060d9af_ppc64le |
| Red Hat | openshift4/ose-sriov-dp-admission-controller@sha256:2f38a408a6fee4740f1d0a24a2f7b02e934e1c63e01c7e6db6611ab7d5efc0ec_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-sriov-dp-admission-controller@sha256:2f38a408a6fee4740f1d0a24a2f7b02e934e1c63e01c7e6db6611ab7d5efc0ec_amd64 |
| Red Hat | openshift4/ose-cluster-kube-descheduler-operator-metadata@sha256:d81add28173a8b2172f1596645c0901146533462e6e6d3b8d8baa442dd6b6d72_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-kube-descheduler-operator-metadata@sha256:d81add28173a8b2172f1596645c0901146533462e6e6d3b8d8baa442dd6b6d72_amd64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:06e72c8de47c5e602b12f8835eccca638b7177744bc9a040a6d5a08095c07273_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:06e72c8de47c5e602b12f8835eccca638b7177744bc9a040a6d5a08095c07273_amd64 |
| Red Hat | openshift4/ose-local-storage-operator-bundle@sha256:3f29a372de62d4182611577b98d7564f1b41a48d34f8bba19913f08b8e88e96c_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-local-storage-operator-bundle@sha256:3f29a372de62d4182611577b98d7564f1b41a48d34f8bba19913f08b8e88e96c_amd64 |
| Red Hat | openshift4/ose-csi-node-driver-registrar@sha256:c48ff6738f67ddc4537a9eb6a9087753244fc58c88e23abca4a0018b8121cf6a_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-node-driver-registrar@sha256:c48ff6738f67ddc4537a9eb6a9087753244fc58c88e23abca4a0018b8121cf6a_arm64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8@sha256:fce04709a3d09f0251f1d3f194e64b2c72cc809fd72228dae1b969670c4e3b94_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:f3c8e8f1d762d80ad185f5f0e0507ce724d36b001a21c9843f0ad65f0fe372d3_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:f3c8e8f1d762d80ad185f5f0e0507ce724d36b001a21c9843f0ad65f0fe372d3_amd64 |
| Red Hat | openshift4/ose-cloud-event-proxy-rhel8@sha256:8fe8305a0991da4f10370983452eac7ed78c16de299f68e81c7de7018e9fc346_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cloud-event-proxy-rhel8@sha256:8fe8305a0991da4f10370983452eac7ed78c16de299f68e81c7de7018e9fc346_ppc64le |
…and 346 more
Timeline
- Jan 17, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:7401 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2064702 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2100495 issue
- https://issues.redhat.com/browse/OCPBUGS-3571 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2022_7401.json advisory
- https://access.redhat.com/security/cve/CVE-2021-38561 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-38561 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-38561 advisory
- https://pkg.go.dev/vuln/GO-2021-0113 advisory
- https://access.redhat.com/security/cve/CVE-2022-27191 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-27191 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-27191 advisory
- https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ advisory